The Data Protection Lessons From Strategic Oil

It makes sense for Australia to take advantage of the recent massive drop in oil prices in order to build up our oil reserves. But, other than in the short term, storage of that oil in the United States does not make sense.

Why?

Because that storage is within the US Strategic Petroleum Reserve, across Texas and Louisiana, and would have to be shipped through the Panama Canal and across the Pacific when needed.

Not only would that take time but there is the risk that we might not be able to get it at all.

A situation where we need to tap our strategic reserves could be triggered by a number of scenarios, from a shipping blockage to an international conflict. And it would not have to be all-out warfare – perhaps a cyber conflict where global supplies, including oil, were threatened.

Ownership does not necessarily mean control

And, as pointed out by the Australian Strategic Policy Institute if, in an emergency, the US decides it needs the oil more than we do, the agreement might not stand.

Obviously, we need to build up the national storage capacity and have our strategic oil reserve both located on Australian soil and under Australian control. And with the escalating tensions around the world, especially between China and the United States, there is a strong case that we need to do so sooner, rather than later.

The Lessons for Data Protection

There are lessons we need to learn from the protection of our strategic oil reserves and apply to the protection of our sensitive corporate information (such as board papers, strategic plans and critical infrastructure data) as well as sensitive government data.

Firstly, hosting such data offshore means it is subject to foreign jurisdiction, such as the US Patriot Act. This act, and other measures, can be invoked to provide law enforcement and other parties access without the data owners’ knowledge.

Secondly, hosting such data within Australia does not negate jurisdictional issues unless such hosting is not subject to any foreign jurisdiction.

While some of the global cloud providers now offer Australian hosted data, the technical control of their servers – and thus the ability to extract the data at any time – is more often than not from another country and therefore subject to foreign laws such as the US Patriot Act.

A situation where we need to really protect our sensitive data could be triggered by a variety of scenarios – from an international trade war to an escalating cyber conflict. And it might well be far short of such obvious threats – it could be an insidious perceived conflict with one of our companies or one of our trade policies. And since, unlike oil, moving data is invisible as well as very easy, it could all be done without our knowledge.

Sovereign Cloud Hosting

That is why we need to raise awareness of ‘sovereign cloud’ hosting. By this is meant data hosted in Australia, subject to Australian technical control and only subject to Australian jurisdiction.

We have a number of companies that were specifically structured to meet these conditions, and at a higher level of security than most offshore or global cloud providers. And while some see sovereign cloud as an issue of supporting local companies, in reality, it is the far more critical issue of controlling our sensitive data.

As with Oil, Data Ownership Does Not Necessarily Mean Control!

Just as we need to have full control of our strategic oil reserves so too, or perhaps even more so, we need to have full control of who has access to our sensitive data.